Export limit exceeded: 20061 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365650 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3827 1 Kailash Nadh 1 Boastmachine 2026-04-16 N/A
SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter.
CVE-2006-3825 1 Sun 1 Solaris 2026-04-16 N/A
The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.
CVE-2006-3824 1 Sun 1 Solaris 2026-04-16 N/A
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.
CVE-2006-3823 1 Geodesicsolutions 2 Geoauctions Premier, Geoclassifieds Basic 2026-04-16 N/A
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter.
CVE-2006-3821 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.
CVE-2006-2605 1 Dschat 1 Dschat 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatbox, probably involving the ctext parameter to send.php.
CVE-2006-2591 1 E107 1 E107 2026-04-16 N/A
Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".
CVE-2006-2590 1 E107 1 E107 2026-04-16 N/A
SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2006-2589 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code.
CVE-2006-2587 1 Even Balance 1 Punkbuster 2026-04-16 N/A
Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and earlier, (3) Battlefield 1942 1.158 and earlier, (4) Battlefield 2 1.184 and earlier, (5) Battlefield Vietnam 1.150 and earlier, (6) Call of Duty 1.173 and earlier, (7) Call of Duty 2 1.108 and earlier, (8) DOOM 3 1.159 and earlier, (9) Enemy Territory 1.167 and earlier, (10) Far Cry 1.150 and earlier, (11) F.E.A.R. 1.093 and earlier, (12) Joint Operations 1.187 and earlier, (13) Quake III Arena 1.150 and earlier, (14) Quake 4 1.181 and earlier, (15) Rainbow Six 3: Raven Shield 1.169 and earlier, (16) Rainbow Six 4: Lockdown 1.093 and earlier, (17) Return to Castle Wolfenstein 1.175 and earlier, and (18) Soldier of Fortune II 1.183 and earlier allows remote attackers to cause a denial of service (application crash) via a long webkey parameter.
CVE-2006-2584 1 Skyebox 1 Skyebox 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it was likely prompted by a vague announcement from a researcher who incorrectly referred to the product as "SkyeShoutbox."
CVE-2006-2581 1 Rwiki 1 Rwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-2042 1 Adobe 1 Dreamweaver 2026-04-16 N/A
Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models.
CVE-2006-0067 1 Vego 1 Vego Links Builder 2026-04-16 N/A
SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-0065 1 Vego 1 Vego Web Forum 2026-04-16 N/A
SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php.
CVE-2006-0064 1 Devellion 1 Cubecart 2026-04-16 N/A
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.
CVE-2006-4295 1 Panda 1 Panda Activescan 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2005-4805 1 Sun 1 Java System Application Server 2026-04-16 N/A
Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors.
CVE-2005-4605 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.
CVE-2004-0213 1 Microsoft 1 Windows 2000 2026-04-16 7.8 High
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.